10 August 2018

The IPv6 protocol provides opportunities as well as risks

For many years, Internet users viewed the IPv6 protocol as a way to speed up network traffic and address the looming exhaustion of the network address pool. However, although many IT managers have monitored the development of this technology, and some organizations have already switched to this standard, most enterprises are still not ready to solve the new security problems arising from such a transition. Many companies are seeking to migrate to IPv6; for example, every modern host server running Windows comes with support for this protocol enabled. At the same time, most IT departments have not yet developed a strategy and have not prepared their systems to respond adequately to possible problems. Many still use IPv4-based monitoring and security systems.

This allows attackers to set up a fake IPv6 address over an existing IPv4 network and force clients to send information into an IPv6 network tunnel.

How does the threat work?

The new threat is based on the so-called man-in-the-middle attack. Disgruntled employees can use this scheme to intercept web traffic and track the actions of other employees of the company. In a more serious scenario, they can modify or forge sites to organize an attack. In fact, an attacker can achieve his goal with only the shell of the site. The purpose of such actions can be a phishing attack, an attack on customers, or other ways of obtaining user login credentials and personal data, including credit card numbers.

Radical measures

The most radical way to eliminate the risk and rule out any possibility of attack is to disable IPv6 completely. A more realistic approach for most enterprises is a combination of the protective measures recommended by the Internet Engineering Task Force. For example, the threat can be minimized by segmenting and logically dividing internal networks.

In addition, almost all Cisco switches now support RA Guard technology. If this technology is activated and correctly configured, the attack method described above will not work.
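To monitor for the rogue router advertisements that RA Guard is meant to block, the added example below (not part of the original article) parses captured Ethernet frames and flags any ICMPv6 Router Advertisement whose source MAC is not on a list of approved routers. The function names, the approved-MAC list and the sample frame are assumptions constructed for illustration.

```python
import ipaddress
import struct

ETHERTYPE_IPV6, ICMPV6, ROUTER_ADVERT, PREFIX_INFO = 0x86DD, 58, 134, 3


def parse_ra(frame: bytes):
    """Return details of a Router Advertisement, or None for any other frame."""
    if len(frame) < 14 + 40 + 16:  # Ethernet + IPv6 + fixed RA header
        return None
    ip, icmp = frame[14:54], frame[54:]
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV6 or ip[0] >> 4 != 6:
        return None
    # Only an RA directly after the fixed header; extension headers are not followed.
    if ip[6] != ICMPV6 or icmp[0] != ROUTER_ADVERT:
        return None
    prefixes, pos = [], 16  # options start after the 16-byte RA header
    while pos + 2 <= len(icmp):
        opt_type, opt_len = icmp[pos], icmp[pos + 1] * 8
        if opt_len == 0 or pos + opt_len > len(icmp):
            break  # malformed option: stop instead of looping or over-reading
        if opt_type == PREFIX_INFO and opt_len == 32:
            prefix = ipaddress.IPv6Address(icmp[pos + 16:pos + 32])
            prefixes.append(f"{prefix}/{icmp[pos + 2]}")
        pos += opt_len
    return {"mac": frame[6:12].hex(":"),
            "source": str(ipaddress.IPv6Address(ip[8:24])),
            "router_lifetime": struct.unpack("!H", icmp[6:8])[0],
            "prefixes": prefixes}


def check_frame(frame: bytes, approved_router_macs: set):
    """Return an alert string for an RA from an unapproved sender, else None."""
    ra = parse_ra(frame)
    if ra is None or ra["mac"] in approved_router_macs:
        return None
    return (f"unexpected RA from {ra['mac']} ({ra['source']}), "
            f"lifetime {ra['router_lifetime']}s, prefixes {ra['prefixes']}")


def sample_ra(src_mac: str) -> bytes:
    """Constructed sample frame: an RA announcing 2001:db8:1::/64."""
    opt = struct.pack("!BBBBII4x", PREFIX_INFO, 4, 64, 0xC0, 86400, 14400)
    opt += ipaddress.IPv6Address("2001:db8:1::").packed
    icmp = struct.pack("!BBHBBHII", ROUTER_ADVERT, 0, 0, 64, 0, 1800, 0, 0) + opt
    ip = struct.pack("!IHBB", 6 << 28, len(icmp), ICMPV6, 255)
    ip += ipaddress.IPv6Address("fe80::1").packed + ipaddress.IPv6Address("ff02::1").packed
    eth = bytes.fromhex("333300000001" + src_mac.replace(":", "") + "86dd")
    return eth + ip + icmp
```

On a network that is supposed to be IPv4-only, pass an empty set so that every Router Advertisement raises an alert. A source MAC can be forged, so this monitoring complements port-level RA Guard and does not replace it.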

It is worth understanding that all the listed methods are only a stopgap against the consequences of a global problem. Modern network infrastructure is only beginning its transition to IPv6. Only once this protocol is in general use can the threats of its implementation be forgotten.